Re: How to pick the right company for penetration testing?

From: wjnorth (wjnorth@earthlink.net)
Date: Fri Jan 30 2004 - 12:36:58 EST


Hmm... I don't think I said that those tools were penetration testing tools;
I do believe I said they were vulnerability scanners, which one can use
to perform pen tests. I think you flamed the wrong person. Thanks for the
misdirected correction though, as quite a few people confuse the two. ;-)

-Wes

At 03:51 PM 1/30/2004 +0100, Frederic Charpentier wrote:

> Hi.
>
> Qualys, Nessus are not a pentest: it's a vulnerability scan.
>
> Please, don't use "pentest" to describe these kinds of services.
>
> Fred
>
> On Wed, 28 Jan 2004 15:04:22 -0800
> wjnorth <wjnorth@earthlink.net> wrote:
>
> > Good catch there. In my opinion one can't rely on a single
> > vulnerability scanner, which is why I typically use 2 or 3, Nessus for
> > open source then some foo-foo commercial tool to validate and
> > invalidate findings. Additionally, depending on what you are testing,
> > there are a ton of application level scanners for Database, Web, App
> > and the like. There is no "leader" in any area, at most each tool
> > validates the other, I've yet to rely solely on a single tool as the
> > end-all-solution.
> >
> > -Wes
> > Sr. Information Security Engineer
> >
> > At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote:
> > >That's a bold statement "leader in the space." I don't believe there
> > >is a single leader in the penetration testing space, there are
> > >choices. Answering his question about credentials, information,
> > >references might be less subjective.
> > >
> > >Regards,
> > >
> > >Eric Greenberg
> > >Chief Technical Officer
> > >NetFrameworks, Inc.
> > >http://www.NetFrameworks.com
> > >
> > >-----Original Message-----
> > >From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
> > >[mailto:gideon@infostruct.net]
> > >Sent: Monday, January 26, 2004 9:03 PM
> > >To: pen-test@securityfocus.com
> > >Cc: aoyt78@dsl.pipex.com
> > >Subject: How to pick the right company for penetration testing?
> > >
> > >
> > >Andy,
> > >
> > >You should investigate vulnerability scanning services. The leader in
> > >the space is Qualys
> > >
> > > >>>>>>>>>>>>>>>>>>>>> the poster's original question
> > >I'm in a position to recommend a company and would like to know, what
> > >credentials/information/references should I ask for from a company
> > >who offers such services.